diff --git a/backend/src/controllers/userControllers.ts b/backend/src/controllers/userControllers.ts index 12ab6ce..08b2204 100644 --- a/backend/src/controllers/userControllers.ts +++ b/backend/src/controllers/userControllers.ts @@ -7,6 +7,7 @@ import sendMail from "../mail/sendMail"; import { Verifier } from "academic-email-verifier"; import checkCollegeEmail from "../mail/checkAcademic"; import { registerSchema } from "../validation/registerSchema"; +import redis from "../lib/redis"; const googleSignInOrSignUp = asyncHandler( //@ts-ignore @@ -230,7 +231,7 @@ const registerUser = asyncHandler(async (req: Request, res: Response) => { } }); const resendURL = asyncHandler(async (req: Request, res: Response) => { - const {email, password} = req.body; + const { email, password } = req.body; if (!email || !password) { res.status(400).json({ message: "Please provide all fields" }); return; @@ -248,8 +249,7 @@ const resendURL = asyncHandler(async (req: Request, res: Response) => { res.status(401).json({ message: "Logged in with Google Or Github" }); return; } - -}) +}); const verifyUser = asyncHandler(async (req: Request, res: Response) => { const token = req.params.token; if (!token) { @@ -260,7 +260,9 @@ const verifyUser = asyncHandler(async (req: Request, res: Response) => { const { sub, exp } = jwt.verify(token, process.env.SECRET); // @ts-ignore if (exp < Date.now()) { - res.status(400).json({ message: "Token expired. Login to verify your email" }); + res + .status(400) + .json({ message: "Token expired. Login to verify your email" }); return; } const user = await prisma.user.findUnique({ @@ -272,7 +274,7 @@ const verifyUser = asyncHandler(async (req: Request, res: Response) => { res.status(404).json({ message: "User not found" }); return; } - + if (user.emailVerified) { res.status(400).json({ message: "User already verified" }); return; 
@@ -317,7 +319,7 @@ const loginUser = asyncHandler(async (req: Request, res: Response) => { const url = `${process.env.BACKEND_URL}/api/user/verify/${token}`; const htmlContent = `Verify using this link`; sendMail(htmlContent, email); - res.status(201).json({ message: "Email Sent" }) + res.status(201).json({ message: "Email Sent" }); return; } const match = await bcrypt.compare(password, user.password); @@ -638,6 +640,7 @@ const updateDetails = asyncHandler(async (req: Request, res: Response) => { pic, }, }); + await redis.del(`user:${userId}`); return res.status(200).json({ message: "Details updated" }); }); diff --git a/backend/src/middleware/checkAuth.ts b/backend/src/middleware/checkAuth.ts index 89c07a7..70bed1b 100644 --- a/backend/src/middleware/checkAuth.ts +++ b/backend/src/middleware/checkAuth.ts @@ -1,5 +1,6 @@ import jwt from "jsonwebtoken"; import prisma from "../lib/prisma"; +import redis from "../lib/redis"; // @ts-ignore async function requireAuth(req, res, next) { try { @@ -11,6 +12,17 @@ async function requireAuth(req, res, next) { res.sendStatus(410); return; } + const userId = decoded.sub; + if (!userId) { + res.sendStatus(401); + return; + } + const cachedUser = await redis.get(userId); + if (cachedUser) { + req.user = JSON.parse(cachedUser); + next(); + return; + } const user = await prisma.user.findUnique({ where: { user_id: decoded.sub, @@ -21,7 +33,7 @@ async function requireAuth(req, res, next) { return; } req.user = user; - + await redis.set(`user:${userId}`, JSON.stringify(user), "EX", 3600); next(); } catch (err) { res.sendStatus(401); diff --git a/backend/src/routes/userRoutes.ts b/backend/src/routes/userRoutes.ts index 4985c57..8ed270a 100644 --- a/backend/src/routes/userRoutes.ts +++ b/backend/src/routes/userRoutes.ts @@ -16,6 +16,7 @@ import { updateDetails, } from "../controllers/userControllers"; import checkAuth from "../middleware/checkAuth"; +import rateLimiter from "../middleware/rateLimit"; const router = express.Router(); 
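Review bot: The cached session entry is invalidated only here in `updateDetails`, and the added `await redis.del(...)` runs after the Prisma update has already been committed. If Redis is unreachable, the rejection propagates through `asyncHandler` and the client gets an error for an update that was actually persisted. The routes file also exposes `/addDetails` and `/addusername`, which are described as modifying the current user; this diff adds no invalidation to them, so `req.user` may stay stale for up to the 3600 s TTL after those calls. I would move the delete into a small shared helper (for example `invalidateUserCache(userId)`) that logs and swallows Redis errors, and call it from every handler that writes to the user row. The body of `updateDetails` starts outside this hunk, so where `userId` comes from should be confirmed there.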
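Review bot: The cache lookup in `requireAuth` reads `redis.get(userId)`, but the entry is written later in the same function as ``redis.set(`user:${userId}`, ...)`` and deleted in `updateDetails` as ``redis.del(`user:${userId}`)``, so the read never sees what the write stored. In practice every request still falls through to Prisma. Worse, any unrelated value that happens to live under the bare id in the same Redis instance would be passed to `JSON.parse` and installed as `req.user` without any shape check. The read should use the same namespaced key: ``const cachedUser = await redis.get(`user:${userId}`);``, ideally with the key built once in a local `cacheKey` and reused by the `set`. `requireAuth` begins and ends outside this hunk.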
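Review bot: `JSON.stringify(user)` in the added `redis.set` call caches whatever `prisma.user.findUnique` returned, and the query's `select` (if any) is not visible in this hunk. `loginUser` compares against `user.password`, so unless the lookup excludes that column, the bcrypt hash is copied into Redis for an hour per authenticated user. Separately, because the `set` is awaited inside the existing `try`, a Redis failure after a successful database lookup lands in the `catch` and returns 401 for a valid token. I would cache a copy without the credential field and isolate cache errors from the auth decision, as sketched below. Handlers should then not rely on `req.user.password`, since it would be absent on cache hits.

```typescript
req.user = user;
// Cache a copy without the credential hash; a Redis failure must not reject a valid token.
const { password: _password, ...cacheable } = user;
try {
  await redis.set(`user:${userId}`, JSON.stringify(cacheable), "EX", 3600);
} catch (cacheErr) {
  console.error("user cache write failed", cacheErr);
}
next();
// … unchanged: outer catch returning 401 …
```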
@@ -31,6 +32,6 @@ router.post("/addDetails", addDetailsToUser); // add details to the current user router.post("/addusername", addUsername); // change the username of the current user router.get("/all", getAllUser); router.get("/logout", logOut); -router.post("/update", checkAuth, updateDetails); +router.post("/update", checkAuth, rateLimiter, updateDetails); export default router;
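Review bot: On `/update`, `rateLimiter` is registered after `checkAuth`, so the limiter never caps the JWT verification and the Redis/Prisma lookup that `checkAuth` performs; requests with missing or invalid tokens are rejected before being counted. `../middleware/rateLimit` is not part of this diff, so the intent is unclear. If it keys on client address, the order should be `router.post("/update", rateLimiter, checkAuth, updateDetails);`. If it keys on `req.user`, the current order is required and deserves a short comment saying so. The routes visible in this hunk that carry no middleware (`/addDetails`, `/addusername`, `/all`, `/logout`) remain unlimited. The login, register and verification routes are defined above the hunk and are worth checking too, since unauthenticated endpoints are where throttling matters most.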